Update cfengine to 1.6.3
* Expansion of $(dollar) broken in 1.6.0 - fixed * Locking problem in cfd fixed. Problem causing access denied while re-reading config files. MAXTRIES increased for high volume services, was causing premature apoptosis. dest= could not refer to a filename with spaces, fixed. * Made recipient variables in client.c long instead of size_t in rstat, for 64 bits. With %ld in scanf. * Cfengine 1.6.0-1.6.3 introduces filters into processes and files. * 1.6.3 change from Berkeley DB2 to DB3 - not backward compatible!!! Update Berkeley db with cd build_unix ../dist/configure make; make install ln -s /usr/local/BerkeleyDB.3.2 /usr/local/BerkeleyDB 2000-06-13 David Masterson <David.Masterson@kla-tencor.com> * 1.6.0.a2: re-released to Mark after stupid mistakes. * src/Makefile.am (noinst_HEADERS): add cfparse.h * Makefile.am (EXTRA_DIST): add acconfig.h 2000-06-12 David Masterson <David.Masterson@kla-tencor.com> * 1.6.0.a2: released to Mark * General: Attempted to convert to reincorporate all my Automake stuff into the release. 2000-06-12 Mark Burgess <Mark.Burgess@hio.no> * 1.6.0-alpha1: released * General: Rewrite of DCE code by Transarc/IBM. Add elsedefine= tag as complement to define=. CompressCommand action=compress in files, tidy, compress=true for compressing files on the fly. Bug in copy with size= fixed. Was ignored if file didn't exist. Modules: in addition to setting classes, can return lines =ENVVAR=value which sets cfengine environment variables. This allows modules to set variables which can be inherited directly by scripts. 2000-05-11 David Masterson <David.Masterson@kla-tencor.com> * contrib/Makefile.am (pkgdata_SCRIPTS): change cfemacs.el to cfengine.el in keeping with internal documentation. Also renamed the file as well. 2000-05-08 David Masterson <David.Masterson@kla-tencor.com> * Release: V1.6 released to Mark for verification. * Everything: Many things have been changed and reorganized for the shift to automake generated Makefiles. See the end of the NEWS file for more information. 2000-04-24 David Masterson <David.Masterson@kla-tencor.com> * ChangeLog: Created and initialized with old VERSION.DIFF ***************** Minor Version 5 ******************** KNOWN BUGS: linux, when making directories, ownership can perms can be wrong. 1.5.4 Added security message in checksum=md5 for cfengine if new files appear Bug in class evaluation with multiple embedded groups fixed Bug in file transfer could hang a server in special circumstances. Bug in secure recursive copy (access denied incorrectly). Type change, size is off_t in cfstat struct Multiple define bug in copy: could cause endless loop Thread counting error fixed in cfd Required/disk suspicious warnings now cause classes to be defined Resolver could delete substring lines Extra measures against Denial of Service attacks on cfd, only one instance of a host-IP may be connected at one time. 1) Multiple connections from the same host are refused by default (before any recv()) 2) A DenyConnectionsFrom list will prevent named IP adresses from connecting (before any recv) or a general AllowConnectionsFrom mask... 3) If the thread table is full for more than five requests, cfd commits suicide (apoptosis) to avoid resource usage by spamming. The control variable "DenyConnectionsFrom = ( ip1 ip2 ... )" allows a list of numerical IP masks to be specified, which cfd will deny connections from. This can be used to prevent hanging connection attacks from malicous hosts and other Denial of Service attacks. e.g. cfd.conf control: AllowConnectionsFrom ( 128.39.89 ) DenyConnectionsFrom = ( 128.39.89.4 ) This is in addition to tcp wrapper stuff, but the TCP wrapper code cannot protect against denial of service attacks. typecheck=false in copy switches off error messages on type mismatch.
This commit is contained in:
parent
972d1731b3
commit
64c787b2e1
10 changed files with 133 additions and 224 deletions
|
@ -1,16 +1,16 @@
|
|||
# $NetBSD: Makefile,v 1.7 2001/02/17 17:42:11 wiz Exp $
|
||||
# $NetBSD: Makefile,v 1.8 2001/06/04 16:18:21 abs Exp $
|
||||
#
|
||||
|
||||
DISTNAME= cfengine-1.5.3
|
||||
PKGNAME= cfengine-1.5.3nb3
|
||||
DISTNAME= cfengine-1.6.3
|
||||
CATEGORIES= sysutils net
|
||||
MASTER_SITES= ftp://ftp.iu.hioslo.no/pub/cfengine/ \
|
||||
ftp://ftp.cfengine.webmotion.net/pub/cfengine/
|
||||
|
||||
MAINTAINER= abs@netbsd.org
|
||||
MAINTAINER= packages@netbsd.org
|
||||
HOMEPAGE= http://www.iu.hioslo.no/cfengine/
|
||||
COMMENT= Automate configuration and administration of large systems
|
||||
|
||||
GNU_CONFIGURE= YES
|
||||
CONFIGURE_ARGS= --without-pthreads
|
||||
|
||||
.include "../../mk/bsd.pkg.mk"
|
||||
|
|
|
@ -1,11 +1,9 @@
|
|||
$NetBSD: distinfo,v 1.2 2001/04/19 11:29:00 agc Exp $
|
||||
$NetBSD: distinfo,v 1.3 2001/06/04 16:18:21 abs Exp $
|
||||
|
||||
SHA1 (cfengine-1.5.3.tar.gz) = bc0a21bfc7ec42c1c0e670ea07914334c5a967c3
|
||||
Size (cfengine-1.5.3.tar.gz) = 688032 bytes
|
||||
SHA1 (patch-aa) = 1d8bac1660b4ad5bb8f842e3d47f910aa58e20a2
|
||||
SHA1 (patch-ab) = a11e41ece3fd40d199683e7ae2643d6fbd4eba49
|
||||
SHA1 (patch-ac) = 24a0e33de1ed2fcd4681ce8e02e6b8ad7e02b567
|
||||
SHA1 (patch-ad) = abc7468db030405de93263d75a38295ac3367d73
|
||||
SHA1 (patch-ae) = 0a4531e51b358b5f7e57e15822f3cf7f76b31567
|
||||
SHA1 (patch-af) = 81994c772fb18edef2125ffb65ff4cb71394f5e7
|
||||
SHA1 (patch-ag) = 7332d24653510e702b06e6ab4eb914cfac186875
|
||||
SHA1 (cfengine-1.6.3.tar.gz) = 4bd3fd2e2b9b798c9a3a6e8c64a7dee2cd4ab763
|
||||
Size (cfengine-1.6.3.tar.gz) = 867265 bytes
|
||||
SHA1 (patch-aa) = 0a9acfd8825be20f6739b5ec7a67fdec5376bb89
|
||||
SHA1 (patch-ab) = 4ea38815ee7a13696df545ac25b51246dcc80c42
|
||||
SHA1 (patch-ac) = 18c6f129246203d763b48f357fead560da2f5bf3
|
||||
SHA1 (patch-ad) = 0044a60597fea926bbf456862f7fe61a96f6b37d
|
||||
SHA1 (patch-ae) = 99496b14f80c8605886cd78a520af4d1c6cc0475
|
||||
|
|
|
@ -1,53 +1,10 @@
|
|||
$NetBSD: patch-aa,v 1.2 2000/10/02 16:43:45 abs Exp $
|
||||
$NetBSD: patch-aa,v 1.3 2001/06/04 16:18:21 abs Exp $
|
||||
|
||||
--- configure.orig Mon Oct 25 09:25:53 1999
|
||||
+++ configure
|
||||
@@ -1073,6 +1073,8 @@
|
||||
# It thinks the first close brace ends the variable substitution.
|
||||
test -z "$INSTALL_PROGRAM" && INSTALL_PROGRAM='${INSTALL}'
|
||||
--- Makefile.am.orig Tue Jun 13 18:25:29 2000
|
||||
+++ Makefile.am
|
||||
@@ -1,4 +1,4 @@
|
||||
-SUBDIRS = pub src bin contrib inputs doc
|
||||
+SUBDIRS = pub src bin contrib inputs
|
||||
|
||||
+test -z "$INSTALL_SCRIPT" && INSTALL_SCRIPT='${INSTALL}'
|
||||
+
|
||||
test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644'
|
||||
EXTRA_DIST = SURVEY acconfig.h
|
||||
|
||||
|
||||
@@ -3984,6 +3986,7 @@
|
||||
|
||||
|
||||
|
||||
+if false; then
|
||||
echo $ac_n "checking for main in -lpthread""... $ac_c" 1>&6
|
||||
echo "configure:3989: checking for main in -lpthread" >&5
|
||||
ac_lib_var=`echo pthread'_'main | sed 'y%./+-%__p_%'`
|
||||
@@ -4105,6 +4108,7 @@
|
||||
echo "$ac_t""no" 1>&6
|
||||
fi
|
||||
done
|
||||
+fi
|
||||
|
||||
|
||||
echo $ac_n "checking for lchown""... $ac_c" 1>&6
|
||||
@@ -4158,6 +4162,7 @@
|
||||
echo "$ac_t""no" 1>&6
|
||||
fi
|
||||
|
||||
+if false; then
|
||||
echo $ac_n "checking for pthread_attr_setstacksize""... $ac_c" 1>&6
|
||||
echo "configure:4163: checking for pthread_attr_setstacksize" >&5
|
||||
if eval "test \"`echo '$''{'ac_cv_func_pthread_attr_setstacksize'+set}'`\" = set"; then
|
||||
@@ -4353,6 +4358,7 @@
|
||||
fi
|
||||
|
||||
fi
|
||||
+fi
|
||||
|
||||
|
||||
# Check whether --enable-DCE or --disable-DCE was given.
|
||||
@@ -5011,6 +5017,7 @@
|
||||
s%@YACC@%$YACC%g
|
||||
s%@RANLIB@%$RANLIB%g
|
||||
s%@INSTALL_PROGRAM@%$INSTALL_PROGRAM%g
|
||||
+s%@INSTALL_SCRIPT@%$INSTALL_SCRIPT%g
|
||||
s%@INSTALL_DATA@%$INSTALL_DATA%g
|
||||
s%@PERL@%$PERL%g
|
||||
s%@TEX@%$TEX%g
|
||||
|
|
|
@ -1,22 +1,13 @@
|
|||
$NetBSD: patch-ab,v 1.4 2000/10/02 16:43:45 abs Exp $
|
||||
$NetBSD: patch-ab,v 1.5 2001/06/04 16:18:21 abs Exp $
|
||||
|
||||
--- contrib/Makefile.in.orig Thu Apr 10 09:19:55 1997
|
||||
+++ contrib/Makefile.in
|
||||
@@ -12,7 +12,7 @@
|
||||
datadir = @datadir@
|
||||
--- Makefile.in.orig Wed Feb 21 12:17:36 2001
|
||||
+++ Makefile.in
|
||||
@@ -77,7 +77,7 @@
|
||||
VERSION = @VERSION@
|
||||
YACC = @YACC@
|
||||
|
||||
INSTALL = @INSTALL@
|
||||
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
|
||||
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
|
||||
-SUBDIRS = pub src bin contrib inputs doc
|
||||
+SUBDIRS = pub src bin contrib inputs
|
||||
|
||||
MKINSTALLDIR = @top_srcdir@/bin/mkinstalldirs
|
||||
EXTRA_DIST = SURVEY acconfig.h
|
||||
|
||||
@@ -28,7 +28,7 @@
|
||||
${MKINSTALLDIR} ${sbindir}
|
||||
for x in $?; \
|
||||
do \
|
||||
- ${INSTALL_PROGRAM} $$x ${sbindir}; \
|
||||
+ ${INSTALL_SCRIPT} $$x ${sbindir}; \
|
||||
done
|
||||
|
||||
clean:
|
||||
|
|
|
@ -1,13 +1,36 @@
|
|||
$NetBSD: patch-ac,v 1.2 2000/10/02 16:43:45 abs Exp $
|
||||
$NetBSD: patch-ac,v 1.3 2001/06/04 16:18:21 abs Exp $
|
||||
|
||||
--- src/encrypt.c.orig Wed Aug 11 10:32:33 1999
|
||||
+++ src/encrypt.c
|
||||
@@ -39,6 +39,8 @@
|
||||
#ifdef HAVE_LIBCRYPTO /* must be des.h from OpenSSL */
|
||||
# ifdef HAVE_OPENSSL_DES_H
|
||||
# include <openssl/des.h>
|
||||
+# else
|
||||
+# undef HAVE_LIBCRYPTO
|
||||
# endif
|
||||
#endif
|
||||
--- configure.orig Mon Jan 29 19:21:35 2001
|
||||
+++ configure
|
||||
@@ -3856,6 +3856,7 @@
|
||||
echo "$ac_t""$rtry" 1>&6
|
||||
|
||||
|
||||
+if false; then
|
||||
echo $ac_n "checking for main in -lpthread""... $ac_c" 1>&6
|
||||
echo "configure:3861: checking for main in -lpthread" >&5
|
||||
ac_lib_var=`echo pthread'_'main | sed 'y%./+-%__p_%'`
|
||||
@@ -3981,6 +3982,7 @@
|
||||
done
|
||||
|
||||
fi
|
||||
+fi
|
||||
|
||||
echo $ac_n "checking for lchown""... $ac_c" 1>&6
|
||||
echo "configure:3987: checking for lchown" >&5
|
||||
@@ -4034,6 +4036,7 @@
|
||||
fi
|
||||
|
||||
|
||||
+if false; then
|
||||
echo $ac_n "checking for pthread_attr_setstacksize""... $ac_c" 1>&6
|
||||
echo "configure:4039: checking for pthread_attr_setstacksize" >&5
|
||||
if eval "test \"`echo '$''{'ac_cv_func_pthread_attr_setstacksize'+set}'`\" = set"; then
|
||||
@@ -4228,6 +4231,7 @@
|
||||
echo "$ac_t""no" 1>&6
|
||||
fi
|
||||
|
||||
+fi
|
||||
fi
|
||||
|
||||
|
||||
|
|
|
@ -1,20 +1,44 @@
|
|||
$NetBSD: patch-ad,v 1.4 2000/10/02 16:43:45 abs Exp $
|
||||
$NetBSD: patch-ad,v 1.5 2001/06/04 16:18:21 abs Exp $
|
||||
|
||||
--- src/image.c.orig Tue Sep 14 09:28:09 1999
|
||||
+++ src/image.c
|
||||
@@ -193,9 +193,12 @@
|
||||
DeleteItemList(namecache);
|
||||
}
|
||||
|
||||
-DeleteCompressedArray(ip->inode_cache);
|
||||
-
|
||||
-ip->inode_cache = NULL;
|
||||
+ /* Only flush when exiting initial call to RecursiveImage() */
|
||||
+if (strcmp(from,ip->path) == 0)
|
||||
+ {
|
||||
+ DeleteCompressedArray(ip->inode_cache);
|
||||
+ ip->inode_cache = NULL;
|
||||
+ }
|
||||
--- contrib/vicf.in.orig Mon Jun 4 16:46:23 2001
|
||||
+++ contrib/vicf.in
|
||||
@@ -4,7 +4,7 @@
|
||||
exec_prefix=@exec_prefix@
|
||||
sbindir=@sbindir@
|
||||
EDITOR="${EDITOR-vi}"
|
||||
-CFINPUTS="${CFINPUTS-"@pkgdata@"}
|
||||
+CFINPUTS="${CFINPUTS-"@pkgdata@"}"
|
||||
export EDITOR CFINPUTS
|
||||
NOPARSE="cf.preconf|cfd.conf"
|
||||
|
||||
cfclosedir(dirh);
|
||||
}
|
||||
@@ -20,7 +20,7 @@
|
||||
echo "File not found: ${file}"
|
||||
echo "Only these files are eligible for editing:"
|
||||
\ls $CFINPUTS
|
||||
- /usr/ucb/echo -n "Create new file? (Y/n) "
|
||||
+ echo -n "Create new file? (Y/n) "
|
||||
read answer
|
||||
if [ "$answer" = "n" ]
|
||||
then
|
||||
@@ -32,10 +32,10 @@
|
||||
if [ -f ${CFINPUTS}/.${file}.lock -a "$force" = "n" ]
|
||||
then
|
||||
i=30
|
||||
- /usr/ucb/echo -n "File ${file} is busy -- waiting up to $i seconds..."
|
||||
+ echo -n "File ${file} is busy -- waiting up to $i seconds..."
|
||||
while [ -f ${CFINPUTS}/.${file}.lock ]
|
||||
do
|
||||
- /usr/ucb/echo -n .
|
||||
+ echo -n .
|
||||
i=`expr $i - 1`
|
||||
if [ $i = 0 ]
|
||||
then
|
||||
@@ -62,7 +62,7 @@
|
||||
then
|
||||
echo PARSE ERROR IN NEW INPUT-FILE:
|
||||
cat /tmp/cfparse.$$
|
||||
- /usr/ucb/echo -n "Re-edit file? (Y/n) "
|
||||
+ echo -n "Re-edit file? (Y/n) "
|
||||
read answer
|
||||
if [ "$answer" = "n" ]
|
||||
then
|
||||
|
|
|
@ -1,12 +1,20 @@
|
|||
$NetBSD: patch-ae,v 1.2 2000/10/02 16:43:45 abs Exp $
|
||||
$NetBSD: patch-ae,v 1.3 2001/06/04 16:18:22 abs Exp $
|
||||
|
||||
--- src/install.c.orig Fri Sep 24 14:00:03 1999
|
||||
+++ src/install.c
|
||||
@@ -153,6 +153,7 @@
|
||||
FatalError("Redefinition of basic system variable");
|
||||
}
|
||||
strcpy(VNETMASK,value);
|
||||
+ AddNetworkClass(VNETMASK);
|
||||
break;
|
||||
|
||||
--- src/image.c.orig Thu Feb 15 07:23:22 2001
|
||||
+++ src/image.c
|
||||
@@ -206,9 +206,12 @@
|
||||
DeleteItemList(namecache);
|
||||
}
|
||||
|
||||
-DeleteCompressedArray(ip->inode_cache);
|
||||
-
|
||||
-ip->inode_cache = NULL;
|
||||
+ /* Only flush when exiting initial call to RecursiveImage() */
|
||||
+if (strcmp(from,ip->path) == 0)
|
||||
+ {
|
||||
+ DeleteCompressedArray(ip->inode_cache);
|
||||
+ ip->inode_cache = NULL;
|
||||
+ }
|
||||
|
||||
cfclosedir(dirh);
|
||||
}
|
||||
|
|
|
@ -1,54 +0,0 @@
|
|||
$NetBSD: patch-af,v 1.2 2000/10/02 16:43:45 abs Exp $
|
||||
|
||||
--- src/log.c.orig Mon Oct 2 17:38:13 2000
|
||||
+++ src/log.c
|
||||
@@ -71,12 +71,12 @@
|
||||
|
||||
if (LOGGING && (getuid() == 0))
|
||||
{
|
||||
- syslog(LOG_ERR,string,VFQNAME);
|
||||
+ syslog(LOG_ERR,"%s",string,VFQNAME);
|
||||
|
||||
if (strlen(errstr) != 0)
|
||||
{
|
||||
- syslog(LOG_ERR,errstr,VFQNAME);
|
||||
- syslog(LOG_ERR,strerror(errno),VFQNAME);
|
||||
+ syslog(LOG_ERR,"%s",errstr,VFQNAME);
|
||||
+ syslog(LOG_ERR,"%s",strerror(errno),VFQNAME);
|
||||
}
|
||||
}
|
||||
break;
|
||||
@@ -110,11 +110,11 @@
|
||||
case cflogonly:
|
||||
if (LOGGING && getuid() == 0)
|
||||
{
|
||||
- syslog(LOG_INFO,string,VFQNAME);
|
||||
+ syslog(LOG_INFO,"%s",string,VFQNAME);
|
||||
|
||||
if ((errstr == NULL) || (strlen(errstr) > 0))
|
||||
{
|
||||
- syslog(LOG_ERR,errstr,VFQNAME);
|
||||
+ syslog(LOG_ERR,"%s",errstr,VFQNAME);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -125,7 +125,7 @@
|
||||
|
||||
if (LOGGING && (getuid() == 0))
|
||||
{
|
||||
- syslog(LOG_ERR,string,VFQNAME);
|
||||
+ syslog(LOG_ERR,"%s",string,VFQNAME);
|
||||
}
|
||||
|
||||
if (string[strlen(string)-1] != '\n')
|
||||
@@ -141,8 +141,8 @@
|
||||
|
||||
if (LOGGING && (getuid() == 0))
|
||||
{
|
||||
- syslog(LOG_ERR,errstr,VFQNAME);
|
||||
- syslog(LOG_ERR,strerror(errno),VFQNAME);
|
||||
+ syslog(LOG_ERR,"%s",errstr,VFQNAME);
|
||||
+ syslog(LOG_ERR,"%s",strerror(errno),VFQNAME);
|
||||
}
|
||||
}
|
||||
return;
|
|
@ -1,46 +0,0 @@
|
|||
$NetBSD: patch-ag,v 1.1 2000/10/02 16:43:45 abs Exp $
|
||||
|
||||
--- src/misc.c.orig Tue Sep 14 09:46:53 1999
|
||||
+++ src/misc.c
|
||||
@@ -652,3 +652,41 @@
|
||||
|
||||
AddClassToHeap(CanonifyName(VDOMAIN));
|
||||
}
|
||||
+
|
||||
+/*********************************************************************/
|
||||
+
|
||||
+AddNetworkClass(netmask)
|
||||
+
|
||||
+const char *netmask;
|
||||
+
|
||||
+{
|
||||
+struct in_addr ip,
|
||||
+ nm;
|
||||
+char *sp,
|
||||
+ nmbuf[maxvarsize],
|
||||
+ ipbuf[maxvarsize];
|
||||
+
|
||||
+ /*
|
||||
+ * Has to differentiate between cases such as:
|
||||
+ * 192.168.101.1/24 -> 192.168.101 and
|
||||
+ * 192.168.101.1/26 -> 192.168.101.0
|
||||
+ * We still have the, um... 'interesting' Class C default Network Class
|
||||
+ * set by GetNameInfo()
|
||||
+ */
|
||||
+
|
||||
+ /* This is also a convenient method to ensure valid dotted quad */
|
||||
+if ( (nm.s_addr = inet_addr(netmask)) != -1 &&
|
||||
+ (ip.s_addr = inet_addr(VIPADDRESS)) != -1 )
|
||||
+ {
|
||||
+ ip.s_addr &= nm.s_addr; /* Will not work with IPv6 */
|
||||
+ strcpy(ipbuf,inet_ntoa(ip));
|
||||
+
|
||||
+ strcpy(nmbuf,inet_ntoa(nm));
|
||||
+ while( (sp = strrchr(nmbuf,'.')) && strcmp(sp,".0") == 0 )
|
||||
+ {
|
||||
+ *sp = 0;
|
||||
+ *strrchr(ipbuf,'.') = 0;
|
||||
+ }
|
||||
+ AddClassToHeap(CanonifyName(ipbuf));
|
||||
+ }
|
||||
+}
|
|
@ -1,9 +1,16 @@
|
|||
@comment $NetBSD: PLIST,v 1.2 2000/09/09 18:11:23 wiz Exp $
|
||||
@comment $NetBSD: PLIST,v 1.3 2001/06/04 16:18:22 abs Exp $
|
||||
sbin/cfcron
|
||||
sbin/cfd
|
||||
sbin/cfdoc
|
||||
sbin/cfengine
|
||||
sbin/cfkey
|
||||
sbin/cfmail
|
||||
sbin/cfmailfilter
|
||||
sbin/cfrun
|
||||
sbin/cfwrap
|
||||
sbin/vicf
|
||||
share/cfengine/cf.chflags.example
|
||||
share/cfengine/cf.freebsd.example
|
||||
share/cfengine/cf.ftp.example
|
||||
share/cfengine/cf.groups.example
|
||||
share/cfengine/cf.linux.example
|
||||
|
@ -18,7 +25,8 @@ share/cfengine/cf.users.example
|
|||
share/cfengine/cfd.conf.example
|
||||
share/cfengine/cfdaily
|
||||
share/cfengine/cfengine.conf.example
|
||||
share/cfengine/cfmail
|
||||
share/cfengine/cfengine.el
|
||||
share/cfengine/cfrc.example
|
||||
share/cfengine/cfwrap
|
||||
share/cfengine/cfrun.hosts.example
|
||||
share/cfengine/start-cfd
|
||||
@dirrm share/cfengine
|
||||
|
|
Loading…
Reference in a new issue